├── .gitignore ├── arm ├── keycheck ├── magiskboot ├── magiskinit └── magiskinit64 ├── x86 ├── keycheck ├── magiskboot ├── magiskinit └── magiskinit64 ├── chromeos ├── futility ├── kernel.keyblock └── kernel_data_key.vbprivk ├── common ├── magisk.apk ├── boot_patch.sh └── util_functions.sh ├── META-INF └── com │ └── google │ └── android │ ├── update-binary │ └── updater-script ├── README.md └── .gitattributes /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /arm/keycheck: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/arm/keycheck -------------------------------------------------------------------------------- /x86/keycheck: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/x86/keycheck -------------------------------------------------------------------------------- /arm/magiskboot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/arm/magiskboot -------------------------------------------------------------------------------- /arm/magiskinit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/arm/magiskinit -------------------------------------------------------------------------------- /x86/magiskboot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/x86/magiskboot -------------------------------------------------------------------------------- /x86/magiskinit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/x86/magiskinit -------------------------------------------------------------------------------- /arm/magiskinit64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/arm/magiskinit64 -------------------------------------------------------------------------------- /chromeos/futility: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/chromeos/futility -------------------------------------------------------------------------------- /common/magisk.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/common/magisk.apk -------------------------------------------------------------------------------- /x86/magiskinit64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/x86/magiskinit64 -------------------------------------------------------------------------------- /chromeos/kernel.keyblock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/chromeos/kernel.keyblock -------------------------------------------------------------------------------- /chromeos/kernel_data_key.vbprivk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/chromeos/kernel_data_key.vbprivk -------------------------------------------------------------------------------- /META-INF/com/google/android/update-binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Zackptg5/Kernel-Sepolicy-Patcher/HEAD/META-INF/com/google/android/update-binary -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Kernel Sepolicy Patcher by Zackptg5 2 | Sets kernel to permissive or enforcing (your choice) by modifying kernel cmdline 3 | Uses magisk tools by @topjohnwu 4 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Declare files that will always have LF line endings on checkout. 2 | *.sh text eol=lf 3 | *.prop text eol=lf 4 | *.md text eol=lf 5 | *.xml text eol=lf 6 | META-INF/** text eol=lf 7 | -------------------------------------------------------------------------------- /META-INF/com/google/android/updater-script: -------------------------------------------------------------------------------- 1 | #MAGISK 2 | ########################################################################################## 3 | # 4 | # Magisk Flash Script 5 | # by topjohnwu 6 | # 7 | # This script will detect, construct the environment for Magisk 8 | # It will then call boot_patch.sh to patch the boot image 9 | # 10 | ########################################################################################## 11 | 12 | ########################################################################################## 13 | # Preparation 14 | ########################################################################################## 15 | 16 | COMMONDIR=$INSTALLER/common 17 | APK=$COMMONDIR/magisk.apk 18 | CHROMEDIR=$INSTALLER/chromeos 19 | 20 | # Default permissions 21 | umask 022 22 | 23 | OUTFD=$2 24 | ZIP=$3 25 | 26 | if [ ! -f $COMMONDIR/util_functions.sh ]; then 27 | echo "! Unable to extract zip file!" 28 | exit 1 29 | fi 30 | 31 | # Load utility fuctions 32 | . $COMMONDIR/util_functions.sh 33 | 34 | setup_flashable 35 | 36 | ########################################################################################## 37 | # Detection 38 | ########################################################################################## 39 | 40 | ui_print "***************************" 41 | ui_print "* Kernel Sepolicy Patcher *" 42 | ui_print "* By: Zackptg5 *" 43 | ui_print "***************************" 44 | 45 | is_mounted /data || mount /data || is_mounted /cache || mount /cache || abort "! Unable to mount partitions" 46 | mount_partitions 47 | 48 | find_boot_image 49 | 50 | [ -z $BOOTIMAGE ] && abort "! Unable to detect target image" 51 | ui_print "- Target image: $BOOTIMAGE" 52 | 53 | # Detect version and architecture 54 | api_level_arch_detect 55 | 56 | BINDIR=$INSTALLER/$ARCH32 57 | chmod -R 755 $CHROMEDIR $BINDIR 58 | 59 | ########################################################################################## 60 | # Environment 61 | ########################################################################################## 62 | 63 | MAGISKBIN=$INSTALLER/bin 64 | mkdir -p $MAGISKBIN 2>/dev/null 65 | cp -af $BINDIR/. $COMMONDIR/. $CHROMEDIR $BBDIR/busybox $MAGISKBIN 66 | chmod -R 755 $MAGISKBIN 67 | 68 | $BOOTMODE || recovery_actions 69 | 70 | ########################################################################################## 71 | # Boot patching 72 | ########################################################################################## 73 | 74 | eval $BOOTSIGNER -verify < $BOOTIMAGE && BOOTSIGNED=true 75 | $BOOTSIGNED && ui_print "- Boot image is signed with AVB 1.0" 76 | 77 | SOURCEDMODE=true 78 | cd $MAGISKBIN 79 | 80 | # Source the boot patcher 81 | . ./boot_patch.sh "$BOOTIMAGE" 82 | 83 | ui_print "- Flashing new boot image" 84 | 85 | if ! flash_image new-boot.img "$BOOTIMAGE"; then 86 | ui_print "- Compressing ramdisk to fit in partition" 87 | ./magiskboot cpio ramdisk.cpio compress 88 | ./magiskboot repack "$BOOTIMAGE" 89 | flash_image new-boot.img "$BOOTIMAGE" || abort "! Insufficient partition size" 90 | fi 91 | 92 | ./magiskboot cleanup 93 | rm -f new-boot.img 94 | 95 | cd / 96 | # Cleanups 97 | $BOOTMODE || recovery_cleanup 98 | rm -rf $TMPDIR 99 | 100 | ui_print "- Done" 101 | exit 0 102 | -------------------------------------------------------------------------------- /common/boot_patch.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | ########################################################################################## 3 | # 4 | # Magisk Boot Image Patcher 5 | # by topjohnwu 6 | # 7 | # Usage: boot_patch.sh 8 | # 9 | # The following flags can be set in environment variables: 10 | # KEEPVERITY, KEEPFORCEENCRYPT 11 | # 12 | # This script should be placed in a directory with the following files: 13 | # 14 | # File name Type Description 15 | # 16 | # boot_patch.sh script A script to patch boot. Expect path to boot image as parameter. 17 | # (this file) The script will use binaries and files in its same directory 18 | # to complete the patching process 19 | # util_functions.sh script A script which hosts all functions requires for this script 20 | # to work properly 21 | # magiskinit binary The binary to replace /init, which has the magisk binary embedded 22 | # magiskboot binary A tool to unpack boot image, decompress ramdisk, extract ramdisk, 23 | # and patch the ramdisk for Magisk support 24 | # chromeos folder This folder should store all the utilities and keys to sign 25 | # (optional) a chromeos device. Used for Pixel C 26 | # 27 | # If the script is not running as root, then the input boot image should be a stock image 28 | # or have a backup included in ramdisk internally, since we cannot access the stock boot 29 | # image placed under /data we've created when previously installed 30 | # 31 | ########################################################################################## 32 | ########################################################################################## 33 | # Functions 34 | ########################################################################################## 35 | 36 | RECOVERYMODE=false 37 | 38 | # Pure bash dirname implementation 39 | getdir() { 40 | case "$1" in 41 | */*) dir=${1%/*}; [ -z $dir ] && echo "/" || echo $dir ;; 42 | *) echo "." ;; 43 | esac 44 | } 45 | 46 | keytest() { 47 | ui_print "- Vol Key Test" 48 | ui_print " Press a Vol Key:" 49 | if (timeout 3 /system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $INSTALLER/events); then 50 | return 0 51 | else 52 | ui_print " Try again:" 53 | timeout 3 $INSTALLER/$ARCH32/keycheck 54 | local SEL=$? 55 | [ $SEL -eq 143 ] && abort " Vol key not detected!" || return 1 56 | fi 57 | } 58 | 59 | chooseport() { 60 | #note from chainfire @xda-developers: getevent behaves weird when piped, and busybox grep likes that even less than toolbox/toybox grep 61 | while true; do 62 | /system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $INSTALLER/events 63 | if (`cat $INSTALLER/events 2>/dev/null | /system/bin/grep VOLUME >/dev/null`); then 64 | break 65 | fi 66 | done 67 | if (`cat $INSTALLER/events 2>/dev/null | /system/bin/grep VOLUMEUP >/dev/null`); then 68 | return 0 69 | else 70 | return 1 71 | fi 72 | } 73 | 74 | chooseportold() { 75 | # Calling it first time detects previous input. Calling it second time will do what we want 76 | while true; do 77 | $INSTALLER/$ARCH32/keycheck 78 | $INSTALLER/$ARCH32/keycheck 79 | local SEL=$? 80 | if [ "$1" == "UP" ]; then 81 | UP=$SEL 82 | break 83 | elif [ "$1" == "DOWN" ]; then 84 | DOWN=$SEL 85 | break 86 | elif [ $SEL -eq $UP ]; then 87 | return 0 88 | elif [ $SEL -eq $DOWN ]; then 89 | return 1 90 | fi 91 | done 92 | } 93 | 94 | # patch_cmdline 95 | patch_cmdline() { 96 | local cmdline match; 97 | cmdline=`grep 'cmdline=' header` 98 | if [ -z "$(echo $cmdline | grep "$1")" ]; then 99 | [ -z $2 ] && return || cmdline="$cmdline $2" 100 | else 101 | [ -z $2 ] && cmdline="$(echo $cmdline | sed -e "s|$1 ||" -e "s| $1||")" || cmdline="$(echo $cmdline | sed -e "s|$1|$2|")" 102 | fi 103 | sed -i "s|cmdline=.*|$cmdline|" header 104 | } 105 | 106 | ########################################################################################## 107 | # Initialization 108 | ########################################################################################## 109 | 110 | if [ -z $SOURCEDMODE ]; then 111 | # Switch to the location of the script file 112 | cd "`getdir "${BASH_SOURCE:-$0}"`" 113 | # Load utility functions 114 | . ./util_functions.sh 115 | fi 116 | 117 | BOOTIMAGE="$1" 118 | [ -e "$BOOTIMAGE" ] || abort "$BOOTIMAGE does not exist!" 119 | 120 | chmod -R 755 . 121 | 122 | # Extract magisk if doesn't exist 123 | [ -e magisk ] || ./magiskinit -x magisk $MAGISKBIN/magisk 124 | 125 | ########################################################################################## 126 | # Unpack 127 | ########################################################################################## 128 | 129 | CHROMEOS=false 130 | 131 | ui_print "- Unpacking boot image" 132 | ./magiskboot unpack -h "$BOOTIMAGE" 133 | 134 | case $? in 135 | 1 ) 136 | abort "! Unsupported/Unknown image format" 137 | ;; 138 | 2 ) 139 | ui_print "- ChromeOS boot image detected" 140 | CHROMEOS=true 141 | ;; 142 | esac 143 | 144 | ########################################################################################## 145 | # Ramdisk patches 146 | ########################################################################################## 147 | 148 | # begin ramdisk changes 149 | if keytest; then 150 | FUNCTION=chooseport 151 | else 152 | FUNCTION=chooseportold 153 | ui_print " ! Legacy device detected! Using old keycheck method" 154 | ui_print " " 155 | ui_print "- Vol Key Programming" 156 | ui_print " Press Vol Up Again:" 157 | $FUNCTION "UP" 158 | ui_print " Press Vol Down" 159 | $FUNCTION "DOWN" 160 | fi 161 | ui_print " " 162 | ui_print "- Select Sepolicy" 163 | ui_print " Vol+ = Enforcing, Vol- = Permissive" 164 | if $FUNCTION; then 165 | ui_print " Setting kernel to enforcing..." 166 | patch_cmdline "androidboot.selinux=permissive" "" 167 | else 168 | ui_print " Setting kernel to permissive..." 169 | patch_cmdline "androidboot.selinux=permissive" "androidboot.selinux=permissive" 170 | patch_cmdline "androidboot.selinux=enforcing" "" 171 | fi 172 | 173 | ########################################################################################## 174 | # Repack and flash 175 | ########################################################################################## 176 | 177 | ui_print "- Repacking boot image" 178 | ./magiskboot repack "$BOOTIMAGE" || abort "! Unable to repack boot image!" 179 | 180 | # Sign chromeos boot 181 | $CHROMEOS && sign_chromeos 182 | 183 | # Reset any error code 184 | true 185 | -------------------------------------------------------------------------------- /common/util_functions.sh: -------------------------------------------------------------------------------- 1 | ######################################### 2 | # 3 | # Magisk General Utility Functions 4 | # by topjohnwu 5 | # 6 | ######################################### 7 | 8 | ########## 9 | # Presets 10 | ########## 11 | 12 | MAGISK_VER="19.1" 13 | MAGISK_VER_CODE=19100 14 | 15 | # Detect whether in boot mode 16 | [ -z $BOOTMODE ] && BOOTMODE=false 17 | $BOOTMODE || ps | grep zygote | grep -qv grep && BOOTMODE=true 18 | $BOOTMODE || ps -A 2>/dev/null | grep zygote | grep -qv grep && BOOTMODE=true 19 | 20 | # Presets 21 | MAGISKTMP=/sbin/.magisk 22 | NVBASE=/data/adb 23 | [ -z $TMPDIR ] && TMPDIR=/dev/tmp 24 | 25 | # Bootsigner related stuff 26 | BOOTSIGNERCLASS=a.a 27 | BOOTSIGNER="/system/bin/dalvikvm -Xnodex2oat -Xnoimage-dex2oat -cp \$APK \$BOOTSIGNERCLASS" 28 | BOOTSIGNED=false 29 | 30 | ################### 31 | # Helper Functions 32 | ################### 33 | 34 | ui_print() { 35 | $BOOTMODE && echo "$1" || echo -e "ui_print $1\nui_print" >> /proc/self/fd/$OUTFD 36 | } 37 | 38 | toupper() { 39 | echo "$@" | tr '[:lower:]' '[:upper:]' 40 | } 41 | 42 | grep_cmdline() { 43 | local REGEX="s/^$1=//p" 44 | cat /proc/cmdline | tr '[:space:]' '\n' | sed -n "$REGEX" 2>/dev/null 45 | } 46 | 47 | grep_prop() { 48 | local REGEX="s/^$1=//p" 49 | shift 50 | local FILES=$@ 51 | [ -z "$FILES" ] && FILES='/system/build.prop' 52 | sed -n "$REGEX" $FILES 2>/dev/null | head -n 1 53 | } 54 | 55 | getvar() { 56 | local VARNAME=$1 57 | local VALUE= 58 | VALUE=`grep_prop $VARNAME /sbin/.magisk/config /data/.magisk /cache/.magisk` 59 | [ ! -z $VALUE ] && eval $VARNAME=\$VALUE 60 | } 61 | 62 | is_mounted() { 63 | grep -q " `readlink -f $1` " /proc/mounts 2>/dev/null 64 | return $? 65 | } 66 | 67 | abort() { 68 | ui_print "$1" 69 | $BOOTMODE || recovery_cleanup 70 | exit 1 71 | } 72 | 73 | resolve_vars() { 74 | MAGISKBIN=$NVBASE/magisk 75 | POSTFSDATAD=$NVBASE/post-fs-data.d 76 | SERVICED=$NVBASE/service.d 77 | } 78 | 79 | ###################### 80 | # Environment Related 81 | ###################### 82 | 83 | setup_flashable() { 84 | # Preserve environment varibles 85 | OLD_PATH=$PATH 86 | ensure_bb 87 | $BOOTMODE && return 88 | if [ -z $OUTFD ] || readlink /proc/$$/fd/$OUTFD | grep -q /tmp; then 89 | # We will have to manually find out OUTFD 90 | for FD in `ls /proc/$$/fd`; do 91 | if readlink /proc/$$/fd/$FD | grep -q pipe; then 92 | if ps | grep -v grep | grep -q " 3 $FD "; then 93 | OUTFD=$FD 94 | break 95 | fi 96 | fi 97 | done 98 | fi 99 | } 100 | 101 | ensure_bb() { 102 | if [ -x $MAGISKTMP/busybox/busybox ]; then 103 | [ -z $BBDIR ] && BBDIR=$MAGISKTMP/busybox 104 | elif [ -x $TMPDIR/bin/busybox ]; then 105 | [ -z $BBDIR ] && BBDIR=$TMPDIR/bin 106 | else 107 | # Construct the PATH 108 | [ -z $BBDIR ] && BBDIR=$TMPDIR/bin 109 | mkdir -p $BBDIR 110 | ln -s $MAGISKBIN/busybox $BBDIR/busybox 111 | $MAGISKBIN/busybox --install -s $BBDIR 112 | fi 113 | echo $PATH | grep -q "^$BBDIR" || export PATH=$BBDIR:$PATH 114 | } 115 | 116 | recovery_actions() { 117 | # Make sure random don't get blocked 118 | mount -o bind /dev/urandom /dev/random 119 | # Unset library paths 120 | OLD_LD_LIB=$LD_LIBRARY_PATH 121 | OLD_LD_PRE=$LD_PRELOAD 122 | OLD_LD_CFG=$LD_CONFIG_FILE 123 | unset LD_LIBRARY_PATH 124 | unset LD_PRELOAD 125 | unset LD_CONFIG_FILE 126 | # Force our own busybox path to be in the front 127 | # and do not use anything in recovery's sbin 128 | export PATH=$BBDIR:/system/bin:/vendor/bin 129 | } 130 | 131 | recovery_cleanup() { 132 | export PATH=$OLD_PATH 133 | [ -z $OLD_LD_LIB ] || export LD_LIBRARY_PATH=$OLD_LD_LIB 134 | [ -z $OLD_LD_PRE ] || export LD_PRELOAD=$OLD_LD_PRE 135 | [ -z $OLD_LD_CFG ] || export LD_CONFIG_FILE=$OLD_LD_CFG 136 | ui_print "- Unmounting partitions" 137 | umount -l /system_root 2>/dev/null 138 | umount -l /system 2>/dev/null 139 | umount -l /vendor 2>/dev/null 140 | umount -l /dev/random 2>/dev/null 141 | } 142 | 143 | ####################### 144 | # Installation Related 145 | ####################### 146 | 147 | find_block() { 148 | for BLOCK in "$@"; do 149 | DEVICE=`find /dev/block -type l -iname $BLOCK | head -n 1` 2>/dev/null 150 | if [ ! -z $DEVICE ]; then 151 | readlink -f $DEVICE 152 | return 0 153 | fi 154 | done 155 | # Fallback by parsing sysfs uevents 156 | for uevent in /sys/dev/block/*/uevent; do 157 | local DEVNAME=`grep_prop DEVNAME $uevent` 158 | local PARTNAME=`grep_prop PARTNAME $uevent` 159 | for BLOCK in "$@"; do 160 | if [ "`toupper $BLOCK`" = "`toupper $PARTNAME`" ]; then 161 | echo /dev/block/$DEVNAME 162 | return 0 163 | fi 164 | done 165 | done 166 | return 1 167 | } 168 | 169 | mount_part() { 170 | local PART=$1 171 | local POINT=/${PART} 172 | [ -L $POINT ] && rm -f $POINT 173 | mkdir $POINT 2>/dev/null 174 | is_mounted $POINT && return 175 | ui_print "- Mounting $PART" 176 | mount -o ro $POINT 2>/dev/null 177 | if ! is_mounted $POINT; then 178 | local BLOCK=`find_block $PART$SLOT` 179 | mount -o ro $BLOCK $POINT 180 | fi 181 | is_mounted $POINT || abort "! Cannot mount $POINT" 182 | } 183 | 184 | mount_partitions() { 185 | # Check A/B slot 186 | SLOT=`grep_cmdline androidboot.slot_suffix` 187 | if [ -z $SLOT ]; then 188 | SLOT=`grep_cmdline androidboot.slot` 189 | [ -z $SLOT ] || SLOT=_${SLOT} 190 | fi 191 | [ -z $SLOT ] || ui_print "- Current boot slot: $SLOT" 192 | 193 | mount_part system 194 | if [ -f /system/init.rc ]; then 195 | SYSTEM_ROOT=true 196 | [ -L /system_root ] && rm -f /system_root 197 | mkdir /system_root 2>/dev/null 198 | mount --move /system /system_root 199 | mount -o bind /system_root/system /system 200 | else 201 | grep -qE '/dev/root|/system_root' /proc/mounts && SYSTEM_ROOT=true || SYSTEM_ROOT=false 202 | fi 203 | [ -L /system/vendor ] && mount_part vendor 204 | $SYSTEM_ROOT && ui_print "- Device is system-as-root" 205 | } 206 | 207 | get_flags() { 208 | # override variables 209 | getvar KEEPVERITY 210 | getvar KEEPFORCEENCRYPT 211 | getvar RECOVERYMODE 212 | if [ -z $KEEPVERITY ]; then 213 | if $SYSTEM_ROOT; then 214 | KEEPVERITY=true 215 | ui_print "- System-as-root, keep dm/avb-verity" 216 | else 217 | KEEPVERITY=false 218 | fi 219 | fi 220 | if [ -z $KEEPFORCEENCRYPT ]; then 221 | grep ' /data ' /proc/mounts | grep -q 'dm-' && FDE=true || FDE=false 222 | [ -d /data/unencrypted ] && FBE=true || FBE=false 223 | # No data access means unable to decrypt in recovery 224 | if $FDE || $FBE || ! $DATA; then 225 | KEEPFORCEENCRYPT=true 226 | ui_print "- Encrypted data, keep forceencrypt" 227 | else 228 | KEEPFORCEENCRYPT=false 229 | fi 230 | fi 231 | [ -z $RECOVERYMODE ] && RECOVERYMODE=false 232 | } 233 | 234 | find_boot_image() { 235 | BOOTIMAGE= 236 | if $RECOVERYMODE; then 237 | BOOTIMAGE=`find_block recovery_ramdisk$SLOT recovery` 238 | elif [ ! -z $SLOT ]; then 239 | BOOTIMAGE=`find_block ramdisk$SLOT recovery_ramdisk$SLOT boot$SLOT` 240 | else 241 | BOOTIMAGE=`find_block ramdisk recovery_ramdisk kern-a android_boot kernel boot lnx bootimg boot_a` 242 | fi 243 | if [ -z $BOOTIMAGE ]; then 244 | # Lets see what fstabs tells me 245 | BOOTIMAGE=`grep -v '#' /etc/*fstab* | grep -E '/boot[^a-zA-Z]' | grep -oE '/dev/[a-zA-Z0-9_./-]*' | head -n 1` 246 | fi 247 | } 248 | 249 | flash_image() { 250 | # Make sure all blocks are writable 251 | $MAGISKBIN/magisk --unlock-blocks 2>/dev/null 252 | case "$1" in 253 | *.gz) CMD1="$MAGISKBIN/magiskboot decompress '$1' - 2>/dev/null";; 254 | *) CMD1="cat '$1'";; 255 | esac 256 | if $BOOTSIGNED; then 257 | CMD2="$BOOTSIGNER -sign" 258 | ui_print "- Sign image with test keys" 259 | else 260 | CMD2="cat -" 261 | fi 262 | if [ -b "$2" ]; then 263 | local img_sz=`stat -c '%s' "$1"` 264 | local blk_sz=`blockdev --getsize64 "$2"` 265 | [ $img_sz -gt $blk_sz ] && return 1 266 | eval $CMD1 | eval $CMD2 | cat - /dev/zero > "$2" 2>/dev/null 267 | else 268 | ui_print "- Not block device, storing image" 269 | eval $CMD1 | eval $CMD2 > "$2" 2>/dev/null 270 | fi 271 | return 0 272 | } 273 | 274 | find_dtbo_image() { 275 | DTBOIMAGE=`find_block dtbo$SLOT` 276 | } 277 | 278 | patch_dtbo_image() { 279 | find_dtbo_image 280 | if [ ! -z $DTBOIMAGE ]; then 281 | ui_print "- DTBO image: $DTBOIMAGE" 282 | if $MAGISKBIN/magiskboot --dtb-test $DTBOIMAGE; then 283 | ui_print "- Backing up stock DTBO image" 284 | $MAGISKBIN/magiskboot --compress $DTBOIMAGE $MAGISKBIN/stock_dtbo.img.gz 285 | ui_print "- Patching DTBO to remove avb-verity" 286 | $MAGISKBIN/magiskboot --dtb-patch $DTBOIMAGE 287 | return 0 288 | fi 289 | fi 290 | return 1 291 | } 292 | 293 | sign_chromeos() { 294 | ui_print "- Signing ChromeOS boot image" 295 | 296 | echo > empty 297 | ./chromeos/futility vbutil_kernel --pack new-boot.img.signed \ 298 | --keyblock ./chromeos/kernel.keyblock --signprivate ./chromeos/kernel_data_key.vbprivk \ 299 | --version 1 --vmlinuz new-boot.img --config empty --arch arm --bootloader empty --flags 0x1 300 | 301 | rm -f empty new-boot.img 302 | mv new-boot.img.signed new-boot.img 303 | } 304 | 305 | remove_system_su() { 306 | if [ -f /system/bin/su -o -f /system/xbin/su ] && [ ! -f /su/bin/su ]; then 307 | ui_print "- Removing system installed root" 308 | mount -o rw,remount /system 309 | # SuperSU 310 | if [ -e /system/bin/.ext/.su ]; then 311 | mv -f /system/bin/app_process32_original /system/bin/app_process32 2>/dev/null 312 | mv -f /system/bin/app_process64_original /system/bin/app_process64 2>/dev/null 313 | mv -f /system/bin/install-recovery_original.sh /system/bin/install-recovery.sh 2>/dev/null 314 | cd /system/bin 315 | if [ -e app_process64 ]; then 316 | ln -sf app_process64 app_process 317 | elif [ -e app_process32 ]; then 318 | ln -sf app_process32 app_process 319 | fi 320 | fi 321 | rm -rf /system/.pin /system/bin/.ext /system/etc/.installed_su_daemon /system/etc/.has_su_daemon \ 322 | /system/xbin/daemonsu /system/xbin/su /system/xbin/sugote /system/xbin/sugote-mksh /system/xbin/supolicy \ 323 | /system/bin/app_process_init /system/bin/su /cache/su /system/lib/libsupol.so /system/lib64/libsupol.so \ 324 | /system/su.d /system/etc/install-recovery.sh /system/etc/init.d/99SuperSUDaemon /cache/install-recovery.sh \ 325 | /system/.supersu /cache/.supersu /data/.supersu \ 326 | /system/app/Superuser.apk /system/app/SuperSU /cache/Superuser.apk 2>/dev/null 327 | fi 328 | } 329 | 330 | api_level_arch_detect() { 331 | API=`grep_prop ro.build.version.sdk` 332 | ABI=`grep_prop ro.product.cpu.abi | cut -c-3` 333 | ABI2=`grep_prop ro.product.cpu.abi2 | cut -c-3` 334 | ABILONG=`grep_prop ro.product.cpu.abi` 335 | 336 | ARCH=arm 337 | ARCH32=arm 338 | IS64BIT=false 339 | if [ "$ABI" = "x86" ]; then ARCH=x86; ARCH32=x86; fi; 340 | if [ "$ABI2" = "x86" ]; then ARCH=x86; ARCH32=x86; fi; 341 | if [ "$ABILONG" = "arm64-v8a" ]; then ARCH=arm64; ARCH32=arm; IS64BIT=true; fi; 342 | if [ "$ABILONG" = "x86_64" ]; then ARCH=x64; ARCH32=x86; IS64BIT=true; fi; 343 | } 344 | 345 | check_data() { 346 | DATA=false 347 | DATA_DE=false 348 | if grep ' /data ' /proc/mounts | grep -vq 'tmpfs'; then 349 | # Test if data is writable 350 | touch /data/.rw && rm /data/.rw && DATA=true 351 | # Test if DE storage is writable 352 | $DATA && [ -d /data/adb ] && touch /data/adb/.rw && rm /data/adb/.rw && DATA_DE=true 353 | fi 354 | $DATA && NVBASE=/data || NVBASE=/cache/data_adb 355 | $DATA_DE && NVBASE=/data/adb 356 | resolve_vars 357 | } 358 | 359 | find_manager_apk() { 360 | APK=/data/adb/magisk.apk 361 | [ -f $APK ] || APK=/data/magisk/magisk.apk 362 | [ -f $APK ] || APK=/data/app/com.topjohnwu.magisk*/*.apk 363 | if [ ! -f $APK ]; then 364 | DBAPK=`magisk --sqlite "SELECT value FROM strings WHERE key='requester'" | cut -d= -f2` 365 | [ -z "$DBAPK" ] || APK=/data/app/$DBAPK*/*.apk 366 | fi 367 | } 368 | 369 | ################# 370 | # Module Related 371 | ################# 372 | 373 | set_perm() { 374 | chown $2:$3 $1 || return 1 375 | chmod $4 $1 || return 1 376 | CON=$5 377 | [ -z $CON ] && CON=u:object_r:system_file:s0 378 | chcon $CON $1 || return 1 379 | } 380 | 381 | set_perm_recursive() { 382 | find $1 -type d 2>/dev/null | while read dir; do 383 | set_perm $dir $2 $3 $4 $6 384 | done 385 | find $1 -type f -o -type l 2>/dev/null | while read file; do 386 | set_perm $file $2 $3 $5 $6 387 | done 388 | } 389 | 390 | mktouch() { 391 | mkdir -p ${1%/*} 2>/dev/null 392 | [ -z $2 ] && touch $1 || echo $2 > $1 393 | chmod 644 $1 394 | } 395 | 396 | request_size_check() { 397 | reqSizeM=`du -ms "$1" | cut -f1` 398 | } 399 | 400 | request_zip_size_check() { 401 | reqSizeM=`unzip -l "$1" | tail -n 1 | awk '{ print int(($1 - 1) / 1048576 + 1) }'` 402 | } 403 | 404 | ################################## 405 | # Backwards Compatibile Functions 406 | ################################## 407 | 408 | get_outfd() { setup_flashable; } 409 | 410 | mount_magisk_img() { 411 | $BOOTMODE && MODULE_BASE=modules_update || MODULE_BASE=modules 412 | MODULEPATH=$NVBASE/$MODULE_BASE 413 | mkdir -p $MODULEPATH 2>/dev/null 414 | ln -s $MODULEPATH $MOUNTPATH 415 | } 416 | 417 | unmount_magisk_img() { 418 | rm -f $MOUNTPATH 2>/dev/null 419 | } 420 | 421 | boot_actions() { return; } 422 | 423 | ######## 424 | # Setup 425 | ######## 426 | 427 | resolve_vars 428 | --------------------------------------------------------------------------------